UbuntuUpdates.org

Package "librbd-dev"

Name: librbd-dev

Description:

RADOS block device client library (development files)

Latest version: 10.2.11-0ubuntu0.16.04.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: ceph
Homepage: http://ceph.com/

Links


Download "librbd-dev"


Other versions of "librbd-dev" in Xenial

Repository Area Version
base main 10.1.2-0ubuntu1
security main 10.2.11-0ubuntu0.16.04.3

Changelog

Version: 10.2.11-0ubuntu0.16.04.3 2020-09-22 13:06:51 UTC

  ceph (10.2.11-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-2.patch: change EPERM to
      ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-3.patch: reject control characters in
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - CVE-2020-1760
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2020-10753.patch: sanitize newlines in
      src/rgw/rgw_cors.cc.
    - CVE-2020-10753

 -- Marc Deslauriers <email address hidden> Wed, 09 Sep 2020 08:57:28 -0400

Source diff to previous version
CVE-2020-1760 header-splitting in RGW GetObject has a possible XSS
CVE-2020-10753 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS

Version: 10.2.11-0ubuntu0.16.04.2 2019-06-25 13:07:46 UTC

  ceph (10.2.11-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect permissions on dm-crypt keys
    - debian/patches/CVE-2018-14662.patch: limit caps allowed to access the
      store in qa/suites/rados/singleton/all/mon-config-key-caps.yaml,
      qa/workunits/mon/test_config_key_caps.sh, src/mon/MonCap.cc.
    - CVE-2018-14662
  * SECURITY UPDATE: DoS against OMAPs holding bucket indices
    - debian/patches/CVE-2018-16846-pre1.patch: enforce bounds on
      max-keys/max-uploads/max-parts in src/rgw/rgw_op.cc,
      src/rgw/rgw_op.h, src/rgw/rgw_rest.cc, src/rgw/rgw_rest_swift.cc,
      src/common/config_opts.h.
    - debian/patches/CVE-2018-16846.patch: fix issues with 'enforce bounds'
      patch in src/rgw/rgw_op.cc, src/rgw/rgw_op.h, src/rgw/rgw_rest.cc.
    - CVE-2018-16846

 -- Marc Deslauriers <email address hidden> Wed, 29 May 2019 12:06:34 -0400

Source diff to previous version
CVE-2018-14662 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph d
CVE-2018-16846 It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

Version: 10.2.11-0ubuntu0.16.04.1 2018-12-04 01:06:11 UTC

  ceph (10.2.11-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream point release (LP: #1784401).
    - d/p/*: Refresh.
  * Resolve build hang with RocksDB under i386:
    - d/p/0001-CoreLocalArray-class.patch
      d/p/0002-core-local-array-type-conversions.patch
      d/p/0003-Core-local-statistics.patch: Selected cherry picks
      from later Ceph releases with same issue.

 -- James Page <email address hidden> Tue, 09 Oct 2018 10:10:23 +0100

Source diff to previous version
1784401 [SRU] ceph 10.2.11

Version: 10.2.10-0ubuntu0.16.04.1 2018-08-02 22:06:50 UTC

  ceph (10.2.10-0ubuntu0.16.04.1) xenial; urgency=medium

  * d/watch: Scope to 10.2.x series, use tarball download site.
  * New upstream point release (LP: #1780930).

 -- James Page <email address hidden> Wed, 11 Jul 2018 11:10:52 +0100

Source diff to previous version
1780930 [SRU] ceph 10.2.10

Version: 10.2.9-0ubuntu0.16.04.1 2017-11-15 01:06:48 UTC

  ceph (10.2.9-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream point release (LP: #1706566):
    - d/p/sleep-recover.patch: Drop, superceeded by upstream fix.

 -- James Page <email address hidden> Tue, 26 Sep 2017 07:39:00 +0100

1706566 [SRU] ceph 10.2.9



About   -   Send Feedback to @ubuntu_updates